56 matches found
CVE-2023-6151
Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users. This issue affects e-municipality module: before v.105...
PT-2023-32546
Name of the Vulnerable Software and Affected Versions e-municipality module version prior to 105 Description The issue allows an attacker to collect data as provided by users due to the incorrect use of privileged APIs. Recommendations For versions prior to 105, update to version 105 or later to...
CVE-2023-4972
Incorrect Use of Privileged APIs vulnerability in Yepas Digital Yepas allows Collect Data as Provided by Users. This issue affects Digital Yepas: before 1.0.1...
PT-2023-31310
Name of the Vulnerable Software and Affected Versions Digital Yepas version 1.0.0 Description The issue is related to an Improper Privilege Management vulnerability, allowing the collection of data as provided by users. This can be exploited due to the incorrect use of privileged APIs...
CVE-2023-26078
Privilege escalation vulnerability was discovered in Atera Agent 1.8.4.4 and prior on Windows due to mishandling of privileged APIs...
Atera Agent 安全漏洞
Atera Agent is the basis for an Atera monitoring system from Atera Corporation. A security vulnerability exists in Atera Agent version 1.8.4.4 and earlier, which stems from improper handling of privileged APIs, resulting in elevated privileges...
Metersphere 安全漏洞
MeterSphere is MeterSphere's open source one-stop open source continuous testing platform. A security vulnerability exists in Metersphere versions prior to 2.10.2 LTS, which stems from a lack of permission checking in certain critical APIs, allowing normal users to use the APIs of high-privileged...
CVE-2022-46307
SGUDA U-Lock central lock control service’s lock management function has incorrect authorization. A remote attacker with general privilege can exploit this vulnerability to call privileged APIs to acquire information, manipulate or disrupt the functionality of arbitrary electronic locks...
memos 安全漏洞
memos is an open source hosted memo center with knowledge management and social features. A security vulnerability exists in memos versions prior to 0.9.0, which stems from incorrect use of privileged APIs...
PT-2022-14454 · Unknown · Polonel/Trudesk
Name of the Vulnerable Software and Affected Versions: polonel/trudesk versions prior to 1.2.4 Description: The issue concerns the incorrect use of privileged APIs in the GitHub repository polonel/trudesk. Recommendations: For versions prior to 1.2.4, update to version 1.2.4 or later to resolve t...
Trudesk 安全漏洞
Chris Brame Trudesk is an open source helpdesk/ticketing solution from Chris Brame USA. A security vulnerability exists in versions prior to Trudesk 1.2.4 that stems from the application's incorrect use of privileged APIs...
DEBIAN-CVE-2021-1052
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and...
UBUNTU-CVE-2021-1052
NVIDIA GPU Display Driver for Windows and Linux, all versions, contains a vulnerability in the kernel mode layer nvlddmkm.sys handler for DxgkDdiEscape or IOCTL in which user-mode clients can access legacy privileged APIs, which may lead to denial of service, escalation of privileges, and...
The vulnerability of the operator openshift-service-mesh/istio-rhel8-operator of the platform for behavior analysis and operational control over OpenShift Service Mesh network microservices allows attackers to enhance their privileges and gain unauthorized access to protected information.
The vulnerability of the operator of openshift-service-mesh/istio-rhel8-operator platform for analyzing network microservices and performing operational control is related to the improper use of privileged APIs. Exploiting this vulnerability allows a malicious actor to enhance their privileges an...
The vulnerability of the .setuserparams2 procedure of the Ghostscript file conversion program allows a attacker to execute arbitrary commands or gain access to the file system.
The vulnerability of the .setuserparams2 procedure in the Ghostscript file conversion program is related to the improper use of privileged APIs. Exploiting this vulnerability allows an attacker, operating remotely, to execute arbitrary commands or gain access to the file system by circumventing t...
CVE-2018-6083
Failure to disallow PWA installation from CSP sandboxed pages in AppManifest in Google Chrome prior to 65.0.3325.146 allowed a remote attacker to access privileged APIs via a crafted HTML page...